You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/governance/create-access-review.md
+7-6Lines changed: 7 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,17 +63,18 @@ For more information, see [License requirements](access-reviews-overview.md#lice
63
63
64
64
65
65
66
-
> [!NOTE]
67
-
> Selecting multiple groups or applications results in the creation of multiple access reviews. For example, if you select five groups to review, the result is five separate access reviews.
68
-
69
-
1. Now you can select a scope for the review. Your options are:
66
+
> [!NOTE]
67
+
> Selecting multiple groups or applications results in the creation of multiple access reviews. For example, if you select five groups to review, the result is five separate access reviews.
70
68
69
+
7. Now you can select a scope for the review. Your options are:
71
70
-**Guest users only**: This option limits the access review to only the Azure AD B2B guest users in your directory.
72
71
-**Everyone**: This option scopes the access review to all user objects associated with the resource.
73
72
74
73
> [!NOTE]
75
74
> If you selected **All Microsoft 365 groups with guest users**, your only option is to review **Guest users only**.
76
75
76
+
1. Or if you are conducting group membership review, you can create access reviews only for inactive users in the group (preview). In the *Users scope* section, check the box next to **Inactive users (on tenant level)**. If you check the box, the scope of the review will focus on inactive users only. Then, specify **Days inactive** with a number of days inactive up to 730 days (two years). Users in the group inactive for the specified number of days will be the only users in the review.
77
+
77
78
1. Select **Next: Reviews**.
78
79
79
80
### Next: Reviews
@@ -213,9 +214,9 @@ B2B direct connect users and teams are included in access reviews of the Teams-e
213
214
- User administrator
214
215
- Identity Governance Administrator
215
216
216
-
Ue the following instructions to create an access review on a team with shared channels:
217
+
Use the following instructions to create an access review on a team with shared channels:
217
218
218
-
1. Sign in to the Azure Portal as a Global Admin, User Admin or Identity Governance Admin.
219
+
1. Sign in to the Azure portal as a Global Admin, User Admin or Identity Governance Admin.
219
220
220
221
1. Open the [Identity Governance](https://portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/) page.
Copy file name to clipboardExpand all lines: articles/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md
+5-3Lines changed: 5 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,18 +63,20 @@ The need for access to privileged Azure resource and Azure AD roles by employees
63
63
64
64
:::image type="content" source="./media/pim-create-azure-ad-roles-and-resource-roles-review/users.png" alt-text="Users scope to review role membership of screenshot.":::
65
65
66
-
11. Under **Review role membership**, select the privileged Azure resource or Azure AD roles to review.
66
+
11. Or, you can create access reviews only for inactive users (preview). In the *Users scope* section, set the **Inactive users (on tenant level) only** to **true**. If the toggle is set to *true*, the scope of the review will focus on inactive users only. Then, specify **Days inactive** with a number of days inactive up to 730 days (two years). Users inactive for the specified number of days will be the only users in the review.
67
+
68
+
12. Under **Review role membership**, select the privileged Azure resource or Azure AD roles to review.
67
69
68
70
> [!NOTE]
69
71
> Selecting more than one role will create multiple access reviews. For example, selecting five roles will create five separate access reviews.
70
72
71
73
:::image type="content" source="./media/pim-create-azure-ad-roles-and-resource-roles-review/review-role-membership.png" alt-text="Review role memberships screenshot.":::
72
74
73
-
12. In **assignment type**, scope the review by how the principal was assigned to the role. Choose **eligible assignments only** to review eligible assignments (regardless of activation status when the review is created) or **active assignments only** to review active assignments. Choose **all active and eligible assignments** to review all assignments regardless of type.
75
+
13. In **assignment type**, scope the review by how the principal was assigned to the role. Choose **eligible assignments only** to review eligible assignments (regardless of activation status when the review is created) or **active assignments only** to review active assignments. Choose **all active and eligible assignments** to review all assignments regardless of type.
74
76
75
77
:::image type="content" source="./media/pim-create-azure-ad-roles-and-resource-roles-review/assignment-type-select.png" alt-text="Reviewers list of assignment types screenshot.":::
76
78
77
-
13. In the **Reviewers** section, select one or more people to review all the users. Or you can select to have the members review their own access.
79
+
14. In the **Reviewers** section, select one or more people to review all the users. Or you can select to have the members review their own access.
78
80
79
81
:::image type="content" source="./media/pim-create-azure-ad-roles-and-resource-roles-review/reviewers.png" alt-text="Reviewers list of selected users or members (self)":::
0 commit comments